by Hannah Eure
Every August, Black Hat draws the security world into a concentrated blur of zero-day demos, CISO panels, hallway chatter, and Vegas heat. This year’s show will be no exception, but if you’re hoping to land media coverage, don’t wait until you’re at Mandalay Bay to think about your story.
Reporters are already taking briefings, building editorial calendars, and planning what they don’t want to hear about (spoiler: “We use AI” won’t cut it). So if you’re a PR team prepping clients or a company fine-tuning your message, here are five storylines shaping up to matter most.
1. AI is a double-edged sword
AI is the most hyped (and most complex) storyline of the year. It’s helping security teams spot threats faster, prioritize vulnerabilities more intelligently, and automate the kinds of low-level tasks that once drained security team time and attention. But it’s also doing something else: empowering attacks.
Autonomous agents are being used not just to defend software but to probe it, exploit, and in some cases, weaponize it. This has raised real, urgent questions: Where do we draw the line between helpful and harmful automation? Who sets the rules for AI in cybersecurity when tools are evolving daily?
Media isn’t just looking for commentary. They’re looking for clarity. Stories that balance the promise of AI with the real risks it introduces will resonate. The most compelling voices will be the ones who can talk about governance, not just capability: how do teams decide what to automate, what to escalate, and what to leave up to human judgement?
2. Mind the four-million-person talent gap
Cybersecurity continues to be an egregiously understaffed industry. The latest ISC2 workforce study puts the global shortfall of cyber pros at roughly 4.8 million, despite record hiring. The talent gap has been widening for decades, and AI has emerged as a viable candidate. Roles that have been open for years can now be filled by AI agents, which is a boon to organizations hoping to bring on more security professionals and scale their teams.
There’s a distinction to be made here between “replacing” human workers and augmenting their efforts: the promise of AI has always been to make us more productive and efficient at our jobs – not to bench us entirely. That’s where the best stories live right now. Reporters are interested in how teams are restructuring work rather than eliminating it. They want to hear how junior analysts are being trained to work alongside automation tools, how SOCs are shifting from alert triage to strategic risk analysis, and how organizations are building new career paths that didn’t exist a few years ago.
The question at the heart of this conversation has shifted away from “Who’s doing the work?” Now, it’s “How do we grow security teams when AI is changing what team even means?”
3. Where humans still matter
There are still plenty of moments in security that call for human nuance: deciding how to communicate a breach, weighing the ethical implications of a disclosure, or responding to incidents that touch physical infrastructure or human safety. No model, no matter how advanced, can fully replace the contextual judgement, empathy, and creativity that humans bring to those scenarios.
The companies best positioned to lead in this space are the ones being intentional about when to hit pause on automation. Reporters want to hear from teams that have drawn clear boundaries: where do agents act autonomously, and where does human oversight stay firmly in place? These decisions are both technical and cultural, and they’re shaping the future of how security teams operate.
4. Open source, evolving expectations
Open source is an engine of innovation in cybersecurity – a place where ideas move faster, collaboration runs deeper, and transparency is a feature, not a bug. But as our digital infrastructure becomes more reliant on community-maintained code, the stakes are changing. It’s no longer just about speed and flexibility, but about resilience, governance, and trust.
The expectation that open source software is “free” has started to give way to more nuanced conversations about accountability. Who maintains the libraries millions of businesses rely on? Who funds that work? And how do we ensure that open ecosystems remain secure in a world where attackers are just as aware of these public dependencies as defenders are? These aren’t theoretical questions anymore. They’re top-of-mind for boards, regulators, and customers alike.
As the cybersecurity industry continues to embrace open source, it’s also redefining what responsible participation looks like. That means investing in maintainers, supporting memory-safe coding practices, and building transparency into how open source tools are evaluated and deployed. At Black Hat this year, expect the conversation to go beyond tool demos and into the harder (but more meaningful) work of building a stronger, more sustainable foundation for the entire security community.
5. AppSec, scaled and scrutinized
If you’ve worked in security, you know the phrase “shift left.” It was the rallying cry for a generation of AppSec pros who wanted to bring security into the earliest stages of development. But in today’s world, where teams deploy continuously, integrate third-party code daily, and manage applications built on decades of layered software, “shift left” alone isn’t enough.
The new conversation is about scale. How do you secure code you didn’t write – and maybe didn’t even know your app was using? How do you prioritize remediation in a world where alerts outnumber engineers? And how do you embed security across the entire lifecycle, not just the CI/CD pipeline?
This is the evolution reporters want to cover: the move from reactive fixes to proactive strategy, from isolated tooling to deeply integrated platforms. The most impactful stories will show how real teams are adapting: using AI to cut noise, introducing SBOMs to increase visibility, and embracing cross-functional collaboration to keep up with the pace of modern development.
A final note for PR teams
You don’t need to have all the answers going into Black Hat. But you do need to ask the right questions. This year, reporters are looking for voices that can cut through the noise – people who can talk about what’s changing, what’s at stake, and what’s next.
So whether you’re representing a startup or a household name, remember: clarity beats jargon. Nuance beats hype. Thoughtful storytelling always beats a flashy one-liner.
If you need help building your cybersecurity narrative, contact Kickstand today! Our team has deep roots in the cyber world and knows how to turn technical expertise into coverage that actually moves the needle.
